Implementation Plan: Semantic Identity & Provenance

Deliver the unified identity, addressing, and provenance infrastructure for SEA-Forge™, including:

Dual-state identity scheme (ifl:hash / ifl:token)
Canonical normalization for deterministic hashing
Internal Federated Ledger (IFL) for tamper-evident audit trails
Merkle proofs and binding records linking semantic artifacts to attested identities

Consolidation Note

This plan consolidates the former P008 (Provenance and Ledger) and P016 (Identity and Addressing) into a single coherent implementation plan. The underlying specifications have been unified into SDS-050 (Semantic Identity & Provenance Infrastructure).

Provenance & Traceability

Architectural Decisions (ADRs)

ADR ID	Decision Title	Impact on This Plan
ADR-011	Internal Federated Ledger (IFL)	Establishes ledger-backed identity and provenance substrate.
ADR-003	Foundational Isomorphic Architecture	Identity must preserve meaning across all projections.

Product Requirements (PRDs)

PRD ID	Requirement Title	Satisfied By (SDS)	Acceptance Criteria
PRD-003	Internal Federated Ledger + Identity Tokens	SDS-050, SDS-018	Deterministic pre-mint; attested minting; verifiable proofs

Software Design Specifications (SDS)

SDS ID	Service/Component	Bounded Context	SEA-DSL Spec File	Implementation Status
SDS-050	Semantic Identity & Provenance Infrastructure	`shared`	N/A	Draft
SDS-018	Canonical Normalizer	`shared`	N/A	Designed
SDS-031	Authority & Ownership Boundaries	`shared`	N/A	Draft

Superseded Specifications

The following specs have been consolidated into SDS-050 and should no longer be referenced:

Old SDS	Title	Superseded By
SDS-017	Identity & Addressing Scheme	SDS-050
SDS-034	IFL Federated Ledger	SDS-050

Provenance Chain

graph TD
  ADR11[ADR-011: IFL] --> PRD3[PRD-003: IFL + Identity Tokens]
  ADR03[ADR-003: Isomorphic Architecture] --> PRD3
  PRD3 --> SDS050[SDS-050: Semantic Identity & Provenance]
  PRD3 --> SDS018[SDS-018: Canonical Normalizer]
  SDS050 --> SDS031[SDS-031: Authority Boundaries]

Architecture and Design

Design Principles Applied

Isomorphism: Identity tokens map 1:1 to canonical semantic artifacts.
Invariants: Deterministic hash stability and offline independence.
Idempotency: Minting and verification are replay-safe (eventId/nonce + state checks).

Dependency Justification

Cryptography & Signing

Dependency	Type	Version	Package	Justification	SDS Reference
libsodium	Node/Python	`0.7.x`	`libsodium-wrappers` / `pynacl`	Ed25519 signing for identity attestation	SDS-050
crypto	Node Built-in	N/A	`crypto`	SHA-256 artifact hashing	SDS-050
hashlib	Python Built-in	N/A	`hashlib`	SHA-256 hashing for IFL	SDS-050
merkletreejs	Node Library	`0.4.x`	`merkletreejs`	Merkle trees for lineage proofs	SDS-050
pymerkle	Python Library	`6.x`	`pymerkle`	Python Merkle tree implementation	SDS-050

Ledger Storage

Dependency	Type	Version	Package	Justification	SDS Reference
immudb	Immutable DB	`1.x`	`immudb-node` / `immudb-py`	Tamper-evident event history	SDS-050
protobuf	Serialization	`28.x`	`protobufjs` / `protobuf`	Binary encoding for ledger events	SDS-050

Installation Commands

# Node.js dependencies
pnpm add libsodium-wrappers merkletreejs protobufjs immudb-node

# Python dependencies
pip install pynacl pymerkle protobuf immudb-py

Expected Filetree

/
├── docs/specs/shared/prd/003-internal-federated-ledger.md
├── docs/specs/shared/adr/011-internal-federated-ledger.md
├── docs/specs/shared/sds/050-semantic-identity-provenance.md
├── docs/specs/shared/sds/018-canonical-normalizer.md
└── docs/specs/shared/sds/031-authority-ownership-boundaries.md

Proposed Cycles

Cycle	Branch	Wave	Files Modified	Files Created	Specs Implemented
C1A	`cycle/p008-c1a-identity-scheme`	1	SDS-050	—	Dual-state identity + binding records
C1B	`cycle/p008-c1b-normalizer`	1	SDS-018	—	Canonicalization + hash stability
C2A	`cycle/p008-c2a-ledger-proofs`	2	SDS-050	—	Proof formats + verification algorithms
C2B	`cycle/p008-c2b-governance-hooks`	2	SDS-031	—	Key custody, SoD, break-glass audit

Task Breakdown

Wave 1 (Parallel)

C1A: Finalize identity scheme and binding record rules
- Implements: ifl:hash / ifl:token formats, URI addressing, state transitions
- Satisfies: PRD-003, SDS-050 §1-3
- Files: docs/specs/shared/sds/050-semantic-identity-provenance.md
C1B: Lock canonical normalization rules for deterministic hashing
- Implements: Stable normalization algorithm, collision handling, test vectors
- Satisfies: SDS-018
- Files: docs/specs/shared/sds/018-canonical-normalizer.md

Wave 2 (Depends on Wave 1)

C2A: Finalize ledger proof formats and verification algorithms
- Implements: Merkle inclusion proofs, state hashes, signature validation
- Satisfies: PRD-003 acceptance criteria, SDS-050 §4-6
- Files: docs/specs/shared/sds/050-semantic-identity-provenance.md
C2B: Wire governance decision protocols into ledger requirements
- Implements: Signed approvals, break-glass audit logging, SoD enforcement
- Satisfies: SDS-031
- Files: docs/specs/shared/sds/031-authority-ownership-boundaries.md

Validation & Verification

Spec Validation

Identity formats and hash algorithm match SDS-050 exactly
Canonical normalizer produces deterministic output across platforms
Invariant references are consistent with active governance regime

Implementation Validation

Pre-mint identity (ifl:hash) computed without network access
Attested identity verifies with Merkle proof + signature
Ledger transitions increment sequenceNumber by exactly 1
Privileged actions are auditable and enforce SoD

Open Questions

~~Where does alias resolution live?~~ Resolved: Defer for MVP; use UUIDv5 only.
~~Which component owns binding record creation?~~ Resolved: CI pipeline.
~~Do we need federation/quorum semantics for MVP?~~ Resolved: Single-node ledger.

Risks & Mitigation

Risk	Likelihood	Impact	Mitigation Strategy
Hash drift due to normalization changes	Medium	High	SDS-018 test vectors + deterministic serialization.
Ledger unavailability blocks builds	Low	High	Always allow `ifl:hash` mode; attest asynchronously.
Privileged actions without audit	Low	Critical	Enforce signed envelopes + mandatory audit events.

Rollback Strategy

Operate in ifl:hash mode only while ledger service is stabilized.
Binding records can be created retroactively once ledger is available.

Linked Specifications

Type	ID	Document
ADR	ADR-011	`docs/specs/shared/adr/011-internal-federated-ledger.md`
ADR	ADR-003	`docs/specs/shared/adr/003-foundational-isomorphic-architecture.md`
PRD	PRD-003	`docs/specs/shared/prd/003-internal-federated-ledger.md`
SDS	SDS-050	`docs/specs/shared/sds/050-semantic-identity-provenance.md`
SDS	SDS-018	`docs/specs/shared/sds/018-canonical-normalizer.md`
SDS	SDS-031	`docs/specs/shared/sds/031-authority-ownership-boundaries.md`